Critical Vulnerabilities in Fedora 43 and 44 Moby-Engine Disclosed

Fedora has released updates for the moby-engine addressing critical vulnerabilities, including CVE-2026-39828, CVE-2026-39829, and CVE-2026-39830, all published on May 22, 2026. These vulnerabilities allow unauthorized command execution and denial of service attacks via SSH. The affected versions are part of Fedora's moby-engine 29.6.0 release. Users are advised to update their systems using the 'dnf' update program. The vulnerabilities could potentially impact numerous systems utilizing the moby-engine for container management. The updates resolve issues related to SSH permissions and resource leaks. The security community is urged to apply these patches promptly to mitigate risks.

Key Points: • Fedora's moby-engine has critical vulnerabilities affecting SSH functionality. • CVE-2026-39828 allows unauthorized command execution, while CVE-2026-39829 and CVE-2026-39830 enable denial of service. • Users must update to moby-engine version 29.6.0 to address these vulnerabilities.